BitLocker Drive

Server 2012

What is BitLocker?

BitLocker is a tool that allows you to encrypt both the and additional data volumes within the same . New files added to the encrypted drives are encrypted automatically, and files moved from this drive to another drive or computer are decrypted automatically.

Benefits of BitLocker

• Enhanced protection against data theft

• BitLocker will protect your data in the event of a lost or stolen hard disk.

• If your disk is lost or stolen, the encryption prevents unauthorized access to the data.

Operating systems that can use BitLocker

• Enterprise

• Windows 7 Ultimate

• Pro

• Windows 8 Enterprise

• 2008

• R2

• & 2012R2

Removable media such as external hard disks or USB drives use BitLocker To Go.

Security Technology behind BitLocker

• BitLocker uses a Trusted Platform Module (TPM) chip to store the security key.

• If your computer does not have a TPM chip, you can store the key on a removable USB drive.

Note: The USB drive will be required each time you start the computer so that the system drive can be decrypted.

How does it work?

If the TPM discovers a potential security risk, such as a disk error or changes made to BIOS, hardware, system files, or startup components, the system drive will not be unlocked until you enter the 48-digit BitLocker recovery password or use a USB drive with a recovery key as a recovery agent.

Enabling BitLocker in Windows Server 2012

Here we want to select both the BitLocker Drive Encryption feature and, if we require Network Unlock, the BitLocker Network Unlock feature. The system needs to be restarted after the install.

Install BitLocker by using the Windows PowerShell utility

To install BitLocker, use the following PowerShell command:

Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart
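A follow-up to the install command, added here as an example and not part of the original slides: after the restart it confirms the feature is installed, picks the TPM or the USB startup key as the key protector (the two options described under "Security Technology behind BitLocker"), and makes sure a recovery password exists. The drive letters C: and E:\ are assumptions.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell session.
# Assumptions: C: is the system drive; E:\ is a hypothetical USB drive for the startup key.
$MountPoint = 'C:'
$UsbKeyPath = 'E:\'

# 1. Confirm the feature installed by Install-WindowsFeature is present.
$feature = Get-WindowsFeature -Name BitLocker
if (-not $feature.Installed) {
    throw 'BitLocker feature is not installed; run Install-WindowsFeature first.'
}

# 2. Choose the key protector: TPM when a ready chip exists, otherwise a USB startup key.
$tpm    = Get-Tpm -ErrorAction SilentlyContinue
$volume = Get-BitLockerVolume -MountPoint $MountPoint
if ($volume.VolumeStatus -eq 'FullyDecrypted' -and -not $volume.KeyProtector) {
    if ($tpm.TpmPresent -and $tpm.TpmReady) {
        Enable-BitLocker -MountPoint $MountPoint -TpmProtector
    }
    else {
        # Requires the Group Policy option "Allow BitLocker without a compatible TPM".
        # The USB drive must then be inserted at every start of the computer.
        Enable-BitLocker -MountPoint $MountPoint -StartupKeyProtector -StartupKeyPath $UsbKeyPath
    }
    # On the system drive, encryption begins after the hardware test and a restart.
}

# 3. Ensure a 48-digit recovery password protector exists for recovery mode.
$volume = Get-BitLockerVolume -MountPoint $MountPoint
$recovery = $volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
}

# 4. Report the resulting state without printing the recovery password itself.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{ Name = 'Protectors'; Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

Store the recovery password somewhere other than the protected server, since it is what unlocks the drive when the TPM refuses to release the key.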

Network Unlock

• Network Unlock allows an administrator to configure BitLocker to automatically unlock an encrypted hard drive during a system reboot when that hard drive is connected to their trusted corporate environment.

• For this to function properly on a machine, there has to be a DHCP driver implementation in the system’s firmware.